new post

content/hacking/HowTo_dirb.md

@@ -0,0 +1,55 @@
++++
+title = 'HowTo dirbust'
+date = 2024-12-04
+image = 'https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images'
++++
+
+![](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.tenor.com%2FitzjDO82OoMAAAAM%2Fsoldier-kick.gif&f=1&nofb=1&ipt=b79054f30ab3b1a5aad40a4ee346329aaeb3aa762c007749ac97f301ac771bd6&ipo=images)
+
+<!-- TODO check later if image still available. Also maybe host them here?! Need to add all of them to sources, buh -->
+
+## Tools
+
+We have 2 good options:
+
+### [ffuf](https://github.com/ffuf/ffuf)
+
+`ffuf -r -sf -ac -w ./wordlist.txt  -u http://scanme.sh/FUZZ `
+
+pros:
+ - have great `-ac` which automatically filters potential false-positives
+ - `-sf` stop when > 95% of responses return 403 Forbidden
+ - `-enc` can encode wordlist with URL/base64 encoder
+ - you can specify multiple wordlists
+ - `-mode` can specify multiple wordlists and multiple FUZZ words (like in burp suite)
+ - you can specify rate limit
+ - more matching options
+ - have recursive scan
+ - better UI (+ have some interactive mode)
+
+
+cons:
+ - you need to hack your way around to get it working as Go library
+ - you muist specify `FUZZ` in url
+ 
+### [gobuster](https://github.com/OJ/gobuster)
+
+`gobuster dir -r -k -w ./wordlist.txt -u "http://scanme.sh/" --exclude-length 2 `  
+`gobuster fuzz -r -k -w ./wordlist.txt -u "http://scanme.sh/FUZZ" --exclude-length 2 `
+
+pros:
+ - for some of my tests it made less false-positives
+ - I've made GoLang lib - [gobuster-lib](/hacking/howto_dirb_golang_library/)
+ - have options to find backup files (`.bak`,`.1`...)
+ - can randomize user-agent
+ 
+cons:
+ - annoying false-positive - don't automatically set `--exclude-length` if got 404 page with HTTP response 200 (try scan http://scanme.sh/)
+ - you can't specify rate limit, but you can specify threads (1 thread roughly 6-8pps)
+
+## Wordlists
+
+Rockyou for web dirs - [six2dez/OneListForAll](https://github.com/six2dez/OneListForAll)  
+
+[Wordlists post](/hacking/listof_wordlists/)
+

content/hacking/HowTo_dirb_golang_library.md

@@ -0,0 +1,14 @@
++++
+title = 'HowTo dirb with GoLang library'
+date = 2024-11-27
++++
+
+
+Well, if you want to integrate dirbuster to your Go app, than you are in a troube since tools dont provided usage as library. You'll end up with 2 choices:
+ - write own lib from scratch
+ - hack around with known tools
+
+I've did last one. I've modificated dirb tool so it's easy to use as library. 
+
+Here you go - https://git.sual.in/casual/gobuster-lib
+

content/tech/HowTo_Ansible.md

@@ -73,7 +73,7 @@ Task: dump config of a router and write role for PCs which will:
 1. Install Ansible on Controller node - `pip install ansible` 
 2. Install Python on Unix/Windows machines if it isn't installed (not strictly necessary, but otherwise need a workaround)
 3. Create project folder - `mkdir projectName && cd projectName`
-4. Make Git repo - [HowTo Git](/hidden/todo)
+4. Make Git repo - [HowTo Git](/tech/howto_git)
 5. Generate public SSH key (if it doesn't exist) - `ssh-keygen`, press x3 ENTER
 6. Copy public SSH key to remote hosts (way depends per OS) - (GNU/Linux) `ssh-copy-id [TargetIP]`